Building on a partnership announced in August 2018 to deliver a full-lifecycle vulnerability management solution using the Qualys Cloud Platform, this extension of that partnership integrates the recently unveiled Qualys PM specifically to help automate X-Force Red’s prioritization and remediation management capabilities. It also adds Qualys Web Application Scanning (WAS) to X-Force Red’s vulnerability management scanning capabilities.

“Based on our many conversations with security leaders, prioritizing and remediating vulnerabilities seems to be the biggest vulnerability management headache,” said Charles Henderson, Global Head of X-Force Red. “Qualys has released a patch management platform that automates patching with a click of a button. X-Force Red has created an algorithm that automatically prioritizes vulnerabilities within minutes. By integrating our solutions, we can offer organizations fast, effective and manageable remediation no matter how limited their resources and time.”

“IBM X-Force Red is at the forefront of helping the world’s largest companies build security into their digital transformation,” said Philippe Courtot, chairman and CEO, Qualys, Inc. “This expansion of our partnership equips IBM X-Force Red to broaden their vulnerability management service to patch management and streamline their web application security services.”

Many organizations identify and manually decipher which of thousands of vulnerabilities to fix first, then assign patching responsibilities and track remediation progress for each one, beginning with the most critical. The lengthy process drains resources, all while exploitable vulnerabilities are exposing sensitive assets. X-Force Red Vulnerability Management Services uses a proprietary algorithm to prioritize vulnerability remediation based on asset value, weaponization, and other contextual factors. The team then facilitates the remediation process using a concurrent model. The top, most critical vulnerabilities are sent to the individuals in charge of remediation. Once those are fixed, the next set of critical vulnerabilities is sent to remediators.

Qualys PM automates these patch deployments using Qualys Cloud Agents, enabling more efficient full-lifecycle vulnerability management. It allows IT and SecOps teams to centralize their patching and remediation of Windows, macOS and Linux operating systems, and hundreds of applications. X-Force Red will be able to quickly target critical CVEs without researching knowledge base articles, then deploy the patch to endpoints, on-premises or cloud assets and verify remediation, all in less time.

Qualys WAS will allow X-Force Red to continuously discover and catalog web applications - including new and unknown ones - and detect vulnerabilities and misconfigurations in web apps and APIs. Scaling to thousands of scans, WAS conducts incisive, thorough, and precise testing of browser-based web apps, mobile app backends, and Internet of Things (IoT) services.

About QualysQualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 10,300 customers in more than 130 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The Company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.

Qualys and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.